Messages - verfluchten

#1
General Discussion / Re: Prevent Public DNS?
April 22, 2025, 02:27:48 PM
Can you resolve names if you set your external IP as nameserver? If you can, you have a problem to solve. If you cannot then you do not. You have to be o/s of your LAN for this.
idk how shodan.io makes its determination, but they could be simply detecting that you do not drop their packets.
#2
General Discussion / Re: SRV record in unbound
March 20, 2025, 09:10:13 PM
It worked as soon as I uninstalled the community plugin and deleted its conf file.
#3
General Discussion / Re: SRV record in unbound
March 17, 2025, 10:20:07 PM
There is only one place in OS to enter custom options for Unbound.
My nslookup takes type where I put the option.
#4
General Discussion / Re: Gotchas nobody mentions
March 13, 2025, 12:00:11 AM
One gotcha that I learned was that I could not restore a config saved from one installation, to another installation. I probably asked about that here but got nowhere.
#5
Every once in a while one or both of these two things happen:

1. An enthusiast is hired by an oddball organization and they give permission to use their infrastructure for a good cause, or that enthusiast uses it w/o their permission.
2. The organization comes up with a creative way to broaden their Internet footprint by volunteering for some free services.

So I would not worry too much about getting time from any such. After all, it is a matter of sending and receiving 2 UDP packets between the router and the NTP server. It's not that they go full-on hacking on you.

Compared to that, I am getting non-stop port-scanned by Microsoft, even after a cease and desist letter.
#6
General Discussion / SRV record in unbound
March 12, 2025, 11:52:07 PM
For some reason, the SRV record that I set up for XMPP clients is not working. I added to Unbound custom options:

local-data: "_xmpp-client._tcp.local.domain. 86400 IN SRV 0 5 5222 mail.local.domain."

But when I query it, it times out:

$ nslookup _xmpp-client._tcp.local.domain -type="SRV"
;; communications error to 10.0.0.1#53: timed out
;; communications error to 10.0.0.1#53: timed out
;; communications error to 10.0.0.1#53: timed out
;; no servers could be reached

The address record that it points to queries instantaneously:

$ nslookup mail.local.domain -type="A"
Server:        10.0.0.1
Address:    10.0.0.1#53

Name:    mail.local.domain
Address: 10.0.0.2

$

Did I do something wrong?

Many thanks!
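A sanity check for Unbound local-data SRV entries, added here as an example (my own code, not from the post, OPNsense or Unbound): it parses the entry quoted above and flags the mistakes that commonly make such a record unanswerable, such as a missing trailing dot, a malformed _service._proto owner, or a target with no address record in the same set. The sample lines are constructed from the post's placeholder names.

```python
import re

# Constructed sample modelled on the entries in the post above; the host and
# domain names are the post's placeholders, not real hosts.
SAMPLE_LOCAL_DATA = [
    'local-data: "_xmpp-client._tcp.local.domain. 86400 IN SRV 0 5 5222 mail.local.domain."',
    'local-data: "mail.local.domain. 86400 IN A 10.0.0.2"',
]

LINE_RE = re.compile(r'^\s*local-data:\s*"(?P<rr>[^"]+)"\s*$')


def parse_local_data(line):
    """Split one local-data line into owner, TTL, class, type and rdata fields."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("not a local-data line: %r" % line)
    fields = m.group("rr").split()
    if len(fields) < 4:
        raise ValueError("too few fields: %r" % line)
    owner, ttl, rclass, rtype, *rdata = fields
    return {"owner": owner, "ttl": int(ttl), "class": rclass,
            "type": rtype.upper(), "rdata": rdata}


def check_srv(entries):
    """Return problems found in the SRV entries of a parsed local-data set."""
    problems = []
    # names that have an address record in the same set
    addr_names = {e["owner"].lower() for e in entries if e["type"] in ("A", "AAAA")}
    for e in entries:
        if e["type"] != "SRV":
            continue
        owner = e["owner"]
        labels = owner.split(".")
        if not owner.endswith("."):
            problems.append("%s: owner lacks the trailing dot" % owner)
        if len(labels) < 3 or not (labels[0].startswith("_") and labels[1].startswith("_")):
            problems.append("%s: owner should be _service._proto.name" % owner)
        if len(e["rdata"]) != 4:
            problems.append("%s: SRV rdata must be priority weight port target" % owner)
            continue
        prio, weight, port, target = e["rdata"]
        if not (prio.isdigit() and weight.isdigit() and port.isdigit() and 0 < int(port) < 65536):
            problems.append("%s: bad priority/weight/port" % owner)
        if not target.endswith("."):
            problems.append("%s: target %s lacks the trailing dot" % (owner, target))
        if target.lower() not in addr_names:
            problems.append("%s: target %s has no A/AAAA in this set" % (owner, target))
    return problems
```

The poster's own problem turned out to be a conflicting plugin rather than the record itself, so this check covers the syntax side only.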
#7
For about 30 years now, I have been providing IT consulting services to some of the world's largest companies. I have seen products being adopted and removed from service once they were found to be more trouble than benefit. This includes both commercial and free software. Products that serve the user's needs continue to be used, whereas those that work against the user become retired.

OS is a great product! The fact that I prefer it to PFS and other routers should tell you a lot regardless of what you think of me personally. Up to you.

Long story short: if you want OS to continue to lead and be widely adopted, then you should change the UI of firewall rules.
Currently, I have some 500 rules in the WAN section. This is not a lot! Over my career, I've seen companies have 10s of 1000s of rules. But with slightly over 500 rules, the process of managing them in OS admin UI is becoming a pain point because they load very slowly. It takes a long while to initially load the list, and then it is very slow to scroll down. You should seriously consider splitting the display and management functions into 2 separate tabs, the management being the 1st, default one.

When I come to the WAN rule admin page, I do not come there to see the whole list. I could not care less about what is currently on the list, when I want to add a new rule. Only if I want to check whether a similar rule exists or not, which happens rather seldom, will I want to flip to the 2nd tab and do a search. And even then, I would rather search be on its own, separate tab.

Another viable option is to paginate the list to a number of items low by default, some 25-50, like you do on other pages. Dumping hundreds of FW rules on a user and having them wait is not something that can be welcomed.

Like I previously mentioned, you already have good examples of UI solutions elsewhere in OS. All you should do is transplant them to the areas that cause pain for the user. This should not be too hard to do.

This may have already been done in your new versions, but I have no way of knowing about that because I refuse to use 24+ due to the redesign of the main dashboard that does not fit my needs.

Cheers!
#8
I am running mine on the very 1st Atom 230 and seeing no performance issues. It is on DSL so this may explain why it copes. If you are on fiber/cable/LAN it may be a different story for you.
#9
It's worth noting the version.
I'm on 21.7 and not seeing anything of the sort. Overrides work, and nothing bypasses the OS.
#10
Quote from: meyergru on December 29, 2024, 05:33:07 PM
It is probably an attempt to upgrade an outgoing connection to use HTTP/3, which uses UDP during handshake. Since those packets are unsolicited, they may get blocked. Also, some web servers still send some packets when they end HTTP(S) sessions and these may get blocked because they are out-of-state.
The rule logs very short TCP packets to all of the destinations, be it Google or some obscure crawler.
#11
Much appreciated! Kudos for your great work, mimugmail! Enjoy your holidays!
#12
Why is this not possible on OS? Can it not emit sounds by design? 8()
#13
I always thought that if an inbound PASS FW rule is matched, then the response will always be allowed. At least this was how my Linux router worked. It also had a setting for rules that checked NEW/ESTABLISHED etc. attributes of connections which I am not seeing in OS.
Long story short, I host a number of web servers from a VM on my LAN. This and a handful of other VMs are blocked from making outgoing connections by a LAN rule that is spelled as follows:

Block IPV4 protocols * source <VM's IP address> Port * Destination *

Every couple hours, the web server VM does bursts of 10x outgoing connection attempts from source port 80 to random high ports on mostly search engine destination IPs, i.e. Google bot, Microsoft, Yahoo, and a number of others whom I checked and found that they are also less famous search engines.
It occurred to me that this could be me mistaking the web server's response to an incoming request for a new outgoing connection, but when I browsed all of the hosted web sites from outside of my LAN, from elsewhere on the Internet, I did not see any new such entries in the logs. It also occurs to me that they might be GETting something that I do not get such as robots.txt, XMLRPC, etc. How can I find out for sure whether it is a web site responding to an external request and being blocked by the above rule or it is some malicious activity?
It confuses me that they always come in bursts of 10x regardless of which search engine it is. This leads me to believe that it is something coded into the web server software rather than all those search engines using the same pattern of requests. Any ideas as to what is going on?
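One way to answer the question in the post above from the firewall log itself, added here as an example (my own code, not from the post or from OPNsense): a packet leaving the web server's own listening port with FIN, ACK or RST set and no SYN is the tail of a session the firewall has already dropped from its state table, whereas a connection the VM actually initiated shows up as a bare SYN from an ephemeral source port. The classifier below works on a constructed, simplified log layout, not OPNsense's real filterlog format, and also reports repeated tuples to make the bursts visible.

```python
from collections import Counter

# Constructed sample in a simplified "time action src sport dst dport tcpflags"
# layout (not OPNsense's own filterlog format).  10.0.0.5 stands for the web
# server VM; the destinations are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
12:00:01 block 10.0.0.5 80 198.51.100.20 51234 FA
12:00:01 block 10.0.0.5 80 198.51.100.20 51234 FA
12:00:02 block 10.0.0.5 80 198.51.100.20 51234 R
12:00:02 block 10.0.0.5 80 198.51.100.20 51234 A
13:10:00 block 10.0.0.5 44123 203.0.113.9 443 S
13:10:01 block 10.0.0.5 44124 203.0.113.9 443 S
"""

SERVED_PORTS = {80, 443}  # ports the VM legitimately listens on


def parse_log(text):
    entries = []
    for line in text.splitlines():
        t, action, src, sport, dst, dport, flags = line.split()
        entries.append({"time": t, "action": action, "src": src, "sport": int(sport),
                        "dst": dst, "dport": int(dport), "flags": flags})
    return entries


def classify(e):
    """Label one blocked outbound packet by what the TCP header says it is."""
    if e["sport"] in SERVED_PORTS and "S" not in e["flags"]:
        # FIN/ACK/RST leaving the server's own listening port with no SYN: the tail
        # of a session the firewall has already forgotten, not a new connection.
        return "late-reply"
    if e["sport"] in SERVED_PORTS and e["flags"] == "SA":
        return "handshake-reply"  # SYN/ACK to a client whose SYN never created state
    if e["flags"] == "S":
        return "new-outbound"  # a bare SYN from an ephemeral port: the VM dialled out
    return "other"


def summarize(text):
    """Count classes and find repeated (src, sport, dst, dport) tuples (bursts)."""
    entries = parse_log(text)
    classes = Counter(classify(e) for e in entries)
    tuples = Counter((e["src"], e["sport"], e["dst"], e["dport"]) for e in entries)
    bursts = {k: n for k, n in tuples.items() if n >= 3}
    return classes, bursts
```

A burst of late-reply packets towards a crawler's address is the benign case; a run of new-outbound SYNs from the web server VM is the one worth investigating on the host.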
#14
General Discussion / OpenVPN clients cannot connect
December 23, 2024, 06:20:31 PM
If I remember correctly, when I created an OVPN server on my OS, it created an OpenVPN Wizard firewall rule. I did not touch anything else related to OVPN on the FW.
Now one of my remote staff is trying to connect and fails, but I do not see any new log entries for that FW rule that I've turned the logging on for.
But when I create a WAN PASS rule for port 1194, I can see that client's connection attempts being logged.
How is this supposed to work: with the auto-created rule or with my rule?
#15
General Discussion / Re: website update looks great!
December 22, 2024, 06:13:13 PM
The new forum shows the topic list after posting whereas the standard, customary, and expected behavior on all forum platforms is to show the new topic/post. This is annoying.